When DataBreaches compiles statistics on health data breaches for Protenus’s annual Breach Barometer, Nebraska generally has fewer than 10 breaches per year. Seeing two reports in one brief period is a bit unusual.
This week, DataBreaches found that West Central District Health Department (WCDHD) had disclosed some kind of hacking incident that occurred between May 18 and May 23 of this year. The unauthorized actor was able to access financial account numbers, Social Security Numbers, and driver’s license or state identification numbers along with patient names. Knop News reported the incident, and WCDHD has a substitute notice linked from its home page.
And then there was also Rock Valley Physical Therapy, which disclosed that on September 22, in connection with emailing patients about the clinic’s participation in a health insurance network, an employee made an email error and sent out an email with patients’ email addresses in the cc: line instead of the bcc: line. The press release was posted in a Nebraska news outlet, and the error may not have impacted their Iowa or Illinois clinics. DataBreaches could find no notice on Rock Valley’s website.
Neither of these incidents has appeared on HHS’s public breach tool — at least, not yet. If they do, that will bring Nebraska to nine reports so far for this year.